Skip to Main content Skip to Navigation
Reports

XSS-FP: Browser Fingerprinting using HTML Parser Quirks

Abstract : There are many scenarios in which inferring the type of a client browser is desirable, for instance to fight against session stealing. This is known as browser fingerprinting. This paper presents and evaluates a novel fingerprinting technique to determine the exact nature (browser type and version, eg Firefox 15) of a web-browser, exploiting HTML parser quirks exercised through XSS. Our experiments show that the exact version of a web browser can be determined with 71\% of accuracy, and that only 6 tests are sufficient to quickly determine the exact family a web browser belongs to.
Complete list of metadata

Cited literature [14 references]  Display  Hide  Download

https://hal.inria.fr/hal-00753926
Contributor : Martin Monperrus <>
Submitted on : Monday, November 19, 2012 - 10:07:08 PM
Last modification on : Wednesday, June 24, 2020 - 4:18:37 PM
Long-term archiving on: : Saturday, December 17, 2016 - 11:50:57 AM

Files

article.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : hal-00753926, version 1
  • ARXIV : 1211.4812

Citation

Erwan Abgrall, Yves Le Traon, Martin Monperrus, Sylvain Gombault, Mario Heiderich, et al.. XSS-FP: Browser Fingerprinting using HTML Parser Quirks. [Research Report] 12888, SnT. 2012. ⟨hal-00753926⟩

Share

Metrics

Record views

718

Files downloads

1503